22 matches found
MAL-2026-4027 Malicious code in @antv/hierarchy (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in django-b64-img (PyPI)
Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...
EUVD-1999-0184
Malware in sbrugna...
EUVD-2023-43118
Malicious code in bioql PyPI...
CVE-2022-41576
The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices...
GO-2024-2948 Code Execution on Git update in github.com/hashicorp/go-getter
A crafted request can execute Git update on an existing maliciously modified Git Configuration. This can potentially lead to arbitrary code execution. When performing a Git operation, the library will try to clone the given repository to a specified destination. Cloning initializes a git config i...
CVE-2023-39393
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten...
CVE-2023-39392
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten...
Design/Logic Flaw
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten...
CVE-2023-39393
CVE-2023-39393 affects the Huawei HarmonyOS ServiceWifiResources module. The root cause is insecure signatures in the ServiceWifiResources component, which can allow an attacker exploiting the flaw over the network to cause the resource to be maliciously modified or overwritten. The vulnerability has a CVSS 3.1 base sco...
PT-2023-26921 · Unknown · Servicewifiresources
Name of the Vulnerable Software and Affected Versions: ServiceWifiResources (affected versions not specified). Description: The issue is related to insecure signatures in the ServiceWifiResources module. Successful exploitation may cause ServiceWifiResources to be maliciously modified and overwritte...
CVE-2022-36385
CVE-2022-36385 affects Contec Health CMS8000 family (CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor). The vulnerability arises from improper access controls that permit a threat actor with momentary physical access to insert a USB drive and perform a malicious firmware update, causing permane...
Prototype Pollution
Overview: All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious user to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...
CVE-2017-5108
CVE-2017-5108 is a type-confusion vulnerability in the PDFium component of Chromium, affecting Google Chrome/Chromium before 60.0.3112.78 on Mac, Windows, Linux and Android. The connected documents corroborate an arbitrary code execution risk via a crafted PDF file due to PDFium weaknesses, with ...
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213644)
A security vulnerability exists in Microsoft Office Compatibility Pack Service Pack 3 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Automotive service O2O is raging; who is paying attention to product safety? - vulnerability warning - the black bar safety net
As of April 2015, our country's motor vehicle ownership has reached 2.64 million vehicles. Facing an automotive aftermarket worth nearly a trillion, all kinds of automotive service O2O platforms are competing to rise; in 2014 the O2O automotive aftermarket field...
Notes on my first vulnerability analysis - vulnerability warning - the black bar safety net
Just getting started, under the guidance of heroic and wretched kk I analyzed my first vulnerable program, and today I am writing up the process from scratch. The vulnerable program can be downloaded at http://www.exploit-db.com/exploits/17854/; this site provides not only the vulnerability of the...
CVE-1999-0184
CVE-1999-0184 affects bind when built with the -DALLOW_UPDATES option, enabling dynamic updates to the DNS server and allowing malicious modification of DNS records. The vulnerability is tied to enabling dynamic updates in the DNS server, with impact described as potential modification of records...